Keyvault performance#905
Keyvault performance#905chenrujun merged 11 commits intomicrosoft:masterfrom mnriem:keyvault-performance
Conversation
azure-spring-boot/src/main/java/com/microsoft/azure/keyvault/spring/KeyVaultOperation.java
Outdated
Show resolved
Hide resolved
azure-spring-boot/src/main/java/com/microsoft/azure/keyvault/spring/KeyVaultOperation.java
Show resolved
Hide resolved
...spring-boot/src/test/java/com/microsoft/azure/keyvault/spring/CaseSensitiveKeyVaultTest.java
Show resolved
Hide resolved
| }; | ||
| timer.scheduleAtFixedRate(task, 0, refreshInMillis); | ||
| } else { | ||
| refreshProperties(); |
There was a problem hiding this comment.
If refreshInMillis <= 0, we will not use cache, we should get the result(secret name list and secret value) from key-vault in every request.
There was a problem hiding this comment.
Also not going to change this as this setting is for refreshing the cached values, not for not caching at all. Should we allow for no caching at all? I do not think that is wise as the underlying Spring runtime can also be calling this at any given time (we do not control that).
There was a problem hiding this comment.
Should we allow for no caching at all?
I already discussed with @jialindai , we think that we allow no caching at all.
Let user configure whether need to cache.
If user configure refreshInMillis == 0, not cache make sense.
Maybe can can use kay-vault.cache.ms instead of refresh-interval as configure item?
There was a problem hiding this comment.
No caching will be detrimental to any application as you are not in control of when the PropertySource gets consulted. I strongly advice against that.
There was a problem hiding this comment.
Your concern make sense.
But current behavior is no cache.
IMU,
- About 80%(just guess) of key-vault property will only get one time. (when start the app).
- It's OK to let our customer determine whether to use cache.
There was a problem hiding this comment.
If we set the refresh interval to -1 to indicate we do NO caching at all then I will go ahead and implement that, but I still think this is bad from a user experience point of view. Our code now can slow down any part of their application because we do NOT control the order in which PropertySources are consulted, nor at what time! So agreed on the -1?
There was a problem hiding this comment.
As discussed in email. Let our customer to decide the TTL of cache.
azure-spring-boot/src/main/java/com/microsoft/azure/keyvault/spring/KeyVaultOperation.java
Show resolved
Hide resolved
| refreshProperties(); | ||
| } | ||
| }; | ||
| timer.scheduleAtFixedRate(task, 0, refreshInMillis); |
There was a problem hiding this comment.
If refreshInMillis equal to 1 second, and task will cost 1 minute to finish, then many task will run at the same time? That's not good.
There was a problem hiding this comment.
And it's not necessary to refreshProperties() again and again if the app only need to read the properties once.
(cc @jialindai FYI.)
There was a problem hiding this comment.
I mean, if getPropertyNames() and getProperty are not called, refreshProperties() should not execute.
There was a problem hiding this comment.
I disagree. A refresh interval is exactly that, aka the interval after which the keys/values are refreshed from the backend. So not going to change this. If the application developer does not need a refresh of the keys/values after startup the refresh interval can be set to 0.
There was a problem hiding this comment.
From the JavaDoc of Timer, "Corresponding to each Timer object is a single background thread that is used to execute all of the timer's tasks, sequentially."
There was a problem hiding this comment.
I feel you are looking to implement a TTL for each secret, if so we would have to rearchitect this.
Not for each secret, use current configure item refresh-interval as TTL of all secrets is my purpose.
Can we proceed as it currently stands? And IF we decide that TTL is appropriate to do that later?
Can we use current configure item refresh-interval as TTL of all secrets?
There was a problem hiding this comment.
But even with that said why on earth would anyone want to refresh the cache every minute?
Just as I said above: our customer may update key-value pair in key-vault (manually or by java code), then get the pair by environment.getProperty() minutes latter. if customer can not get the updated data, it may make our customer confused.
There was a problem hiding this comment.
I feel you are looking to implement a TTL for each secret, if so we would have to rearchitect this.
Not for each secret, use current configure item
refresh-intervalas TTL of all secrets is my purpose.Can we proceed as it currently stands? And IF we decide that TTL is appropriate to do that later?
Can we use current configure item
refresh-intervalas TTL of all secrets?
Great then I can leave the code I wrote as is as that is what the refresh interval does. It refreshes all the secrets after a specific time (Time To Live)
There was a problem hiding this comment.
But even with that said why on earth would anyone want to refresh the cache every minute?
Just as I said above: our customer may update key-value pair in key-vault (manually or by java code), then get the pair by environment.getProperty() minutes latter. if customer can not get the updated data, it may make our customer confused.
See my comments above
There was a problem hiding this comment.
It refreshes all the secrets after a specific time (Time To Live)
To save the resource of network and key-vault server:
I mean, if getPropertyNames() and getProperty are not called, refreshProperties() should not execute.
|
@jialindai said that So I'll approve it now. |
|
if this is part of 2.3.2 release? |
We plan to release it in 2.3.3 version |
|
Any tentative date for 2.3.3 release? |
We plan to release 2.3.3 around mid-August. |
4 participants
Summary
Rework refreshing logic to increase performance
Issue Type
Starter Names
Additional Information